Overview

overview

5

Static

static

Confirmed ...df.exe

windows7_x64

5

Confirmed ...df.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Confirmed order#PR2100906.pdf.exe

  • Size

    50KB

  • Sample

    210408-h984q8txws

  • MD5

    ea2ab18853713d0dbb69b49354b75507

  • SHA1

    7a6ec638ba7c07c7278d3d9e585c69de45751b56

  • SHA256

    94bb5cf3b2d56807ecdff0d731b5bea776de7a22bd15c3bdd256157e8a0c02b8

  • SHA512

    2e8fac506df7eddc9964b3df9f8ddfb5263fab55d4168ccd79ea29378cce63e0785a098c0c352c02aaabd39e8bb9afe248d51ac9f37b71aad545bf872c45f744

Score
5/10

Malware Config

Targets

    • Target

      Confirmed order#PR2100906.pdf.exe

    • Size

      50KB

    • MD5

      ea2ab18853713d0dbb69b49354b75507

    • SHA1

      7a6ec638ba7c07c7278d3d9e585c69de45751b56

    • SHA256

      94bb5cf3b2d56807ecdff0d731b5bea776de7a22bd15c3bdd256157e8a0c02b8

    • SHA512

      2e8fac506df7eddc9964b3df9f8ddfb5263fab55d4168ccd79ea29378cce63e0785a098c0c352c02aaabd39e8bb9afe248d51ac9f37b71aad545bf872c45f744

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks